Is Your Industry on The Hacker Hit List?

Is Your Industry on The Hacker Hit List?

Cybercriminals are adapting techniques they’ve used successfully against financial service companies to breach other data-rich industries. Here’s a list of who’s on their hit list.

It was barely more than a decade ago that data breaches didn’t register as a major concern for companies. But cybercrime is exploding – costing the world an estimated $600 billion in 2017 – and the potential reputational damage and major financial losses that follow a successful attack rank high on every company’s agenda.

Cybercrime has become a permanent and alarming risk for organizations of all sizes and industry backgrounds. The average cost for every lost or stolen record containing confidential information is $148, according to a 2018 data breach study by the Ponemon Institute and IBM. Businesses storing sensitive and personal information are the most coveted targets of cybercrime. But data breaches aren’t the only risk. Crippling attacks like ransomware are emerging as key cybersecurity threats.

Cybercriminals, who have long preyed on the financial industry for obvious reasons, have moved on to target other industries. Read on to discover if yours is one of them and if you are taking enough precautions to safeguard your organization.

So, why healthcare? This industry often lags when it comes to information security. Cost-cutting measures have left many healthcare organizations reliant on unpatched legacy systems. Electronic healthcare records also are chock full of personal information that fetches a handsome price on the dark web.

Finance

While other industries have started to feel the heat, financial services remain a prime target. The financial sector is attacked 65 percent more often than other industries – and it’s easy to understand why. Credit card details, password information, bank account details, investment records – that’s just the beginning of the valuable data that’s stored and regularly accessed by financial services companies online. More than 200 million financial records were breached in 2016 alone, a staggering 937 percent increase over the previous year. Cybercriminals continue to strike at the heart of U.S. finance, with significant breaches impacting major institutions like JPMorgan Chase, Equifax, and even the Securities and Exchange Commission.

Educational institutions are a near-perfect target for hackers. Besides the sheer volume of personal, healthcare, and financial information they store on students, parents, and staff, their security measures tend to be light. That’s partly because they were largely unscathed by cybercrime in the past, and partly because their computer systems were designed for easy access by students and parents.

Further complicating matters is that schools have less control over devices that connect to their networks. Many allow students to bring personal devices to class, and a malware-infected laptop can quickly compromise other systems.

Manufacturing

While not previously considered very “attackable,” manufacturing has become one of the most regularly targeted industries in recent years. Nearly 40 percent of cyber-attacks in 2016 targeted this sector, according to a Computer Weekly.com report. In fact, during the second quarter of 2017, manufacturing surpassed finance and healthcare as the biggest target of cybercrime, according to the report.

The increased interest from hackers is largely attributed to three factors: the value of manufacturers’ intellectual property, industrial control systems that are often left unguarded, and a focus on enhancing productivity and efficiency at manufacturing facilities instead of cybersecurity. Improvements made to increase automation and cut costs further increase the sector’s vulnerability, widening the attack surface with the Internet of Things (IoT) devices, robotics, and human-machine interfaces.

Manufacturers in the pharmaceutical, defense, and chemical sectors hold critical data that hackers can sell or use for political gain, from business secrets to breakthroughs in research and development. More than 20 percent of manufacturers have lost proprietary intellectual property in cyber-attacks, Computer Weekly.com reports.

Government agencies

The information they hold on their citizens makes them the nation’s biggest source of personal data, from tax records to license registrations to healthcare data. Unfortunately, they also typically have the smallest cybersecurity budgets, making them a good target for cybercrime.

Law firms

Hackers are taking advantage of two important truths about the legal sector: First, law firms store sensitive information about their clients, financial data, and documents about the patent, litigation, and pending merger and acquisitions. Second, many law firms have inadequate cybersecurity practices.

Corporations are urging the legal sector to step up its cybersecurity game as hackers realize that even if they are thwarted by robust security at a company, they can get the data they desire by turning their attention to its law firm.

Energy

Energy and utility companies are alarming targets, as they are vulnerable to hackers interested in harming a particular city, state, or country. In March, the U.S. accused Russia of a wide-ranging cyber-assault on its energy grid and other key parts of its infrastructure that began in 2016. Officials claimed Russia placed malware in the operating systems of several organizations in the country’s energy, nuclear, water, and “critical manufacturing” sectors.

Utilities and energy companies suffered the second-largest impact from cyber-attacks in 2017, with annualized costs of $17.2 million in the United States. But a Deloitte report asserts that many energy companies shrug off cybersecurity concerns, with only a handful citing cyber-breaches as a major risk in their annual filings. Despite the growing number of attacks and the national security implications they can cause, many of the industry’s decision makers remain complacent about cybersecurity.

Many don’t understand that the remote operations that make them feel safe also make them a target, giving hackers a chance to tap into energy networks by locating near them. Researchers from the University of Tulsa recently proved how easy it is to seize control of an entire farm of wind turbines. After picking a lock on an unsupervised turbine’s door and accessing the unsecured server closet within, the researchers were able to drive miles into the surrounding rural fields and use their laptops to control the farm.

Cybercrime is on the rise and a growing number of industries are being targeted

Fortunately, the Online Trust Alliance asserts that more than 90 percent of data breaches could have been prevented by implementing cybersecurity best practices. That includes having a solid cybersecurity plan in place, following basic compliance processes, implementing proactive detection and response, and training employees to spot suspicious behavior.

An experienced cybersecurity provider can help you assess your risk and shore up the security holes in your organization before a clever hacker walks through them.

Absolute Logic’s clients across four states and 40 industries are guided safely through the threat landscape. Our Absolute Security powered by CyberGuard360 includes a wide array of services such as system security suites, risk assessment, education, and training and disaster recovery, and we specialize in helping New York companies comply with 23 NYCRR 500. If you’d like us to put our expertise to work for you, we’d be happy to help. Call us at 844-315-9882 or use our contact form for a free consultation.